What is TLS and Why do we need it?

2/4/2021

What is TLS and why do we need it? Can someone explain to me what role it plays in Kubernetes? What will happen if I don't use it? Can someone explain it to me with an example?

Thank you for your time.

-- Sweta Sharma
certificate
kubernetes
kubernetes-ingress
ssl
tls1.2

1 Answer

2/4/2021

What is TLS and why do we need it?

TLS definition from wikipedia:

The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications ... TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity.


What roles does it play in Kubernetes?

It is used by the k8s control plane for encrypting data in transit. Encryption in transit protects your data if communications are intercepted while data moves between client and server. In the case of k8s, e.g. the kubelet or controller manager are usually clients and the api-server is considered a server.


What will happen if I don't use it?

I am not sure if you can do this (not use it). I think its use is enforced by k8s components. All you can do is to ignore certificate validation.

But let's imagine for now that you managed to bootstrap a cluster without TLS and all communication is now plaintext-based (meaning there is no encryption). Now if I manage to intercept the communication, I (a malicious actor) can see what you are sending to the cluster. And since there is no mechanism to enforce data integrity, I can change this data to anything I want and pass it forward. You would have no way to check whether you are exchanging data with the cluster or with me, and whether I am altering the data, adding malicious code, or anything else.

Additionally, TLS certificates are used by k8s components for authentication purposes. This means that e.g. in order for a kubelet to join the cluster it needs to prove that it is allowed to do this by showing it has a valid certificate, signed by a known authority (this usually means self-signed). You wouldn't be able to verify that the kubelet is yours and that it's not some malicious kubelet I joined to your cluster.

-- Matt
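The two roles the answer describes, encrypting data in transit and authenticating the peer by its certificate, can be watched end to end in a small mutual-TLS exchange. The Go program below is an added example; it is not code from the question, the answer or Kubernetes itself. It builds a throwaway CA, a server certificate and a kubelet certificate in memory, starts a stand-in for the API server that only talks to clients whose certificate chains to the cluster CA, and then tries four connections. The names cluster-ca, rogue-ca, kube-apiserver and kubelet-node-1 are constructed, and requiring a client certificate on every connection is stricter than a real kube-apiserver, which also supports other authentication methods.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert builds a constructed PKI: a self-signed CA when parent is nil, else a leaf signed by parent.
func newCert(cn string, parent *tls.Certificate, usage x509.ExtKeyUsage) *tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn}, // the SAN a client matches the server name against
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{usage},
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

func poolOf(ca *tls.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(ca.Leaf)
	return p
}

// serve stands in for kube-apiserver: a server cert from clusterCA, and clients must chain to clusterCA.
func serve(clusterCA *tls.Certificate) (addr string, stop func()) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{*newCert("kube-apiserver", clusterCA, x509.ExtKeyUsageServerAuth)},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    poolOf(clusterCA),
	})
	if err != nil {
		panic(err)
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			// Only a peer whose certificate verified gets a reply: its CN is the identity the server acts on.
			if tc := c.(*tls.Conn); tc.Handshake() == nil {
				fmt.Fprintln(tc, tc.ConnectionState().PeerCertificates[0].Subject.CommonName)
			}
			c.Close()
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }
}

// dial connects like a kubelet: trust only `trust`, present clientCert (nil = none), read the accepted identity.
func dial(addr string, trust, clientCert *tls.Certificate) (identity string, err error) {
	cfg := &tls.Config{RootCAs: poolOf(trust), ServerName: "kube-apiserver"}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return "", err // the server's certificate did not chain to the CA we trust
	}
	defer conn.Close()
	_, err = fmt.Fscanln(conn, &identity) // fails if the server rejected us during the handshake
	return identity, err
}

// Scenarios returns the identity the trusted kubelet was greeted with and each attempt's error (nil on success).
func Scenarios() (identity string, errs map[string]error) {
	clusterCA := newCert("cluster-ca", nil, x509.ExtKeyUsageAny)
	rogueCA := newCert("rogue-ca", nil, x509.ExtKeyUsageAny)
	addr, stop := serve(clusterCA)
	defer stop()
	kubelet := newCert("kubelet-node-1", clusterCA, x509.ExtKeyUsageClientAuth)
	errs = map[string]error{}
	identity, errs["trusted kubelet"] = dial(addr, clusterCA, kubelet)
	_, errs["no client cert"] = dial(addr, clusterCA, nil)
	_, errs["cert from rogue CA"] = dial(addr, clusterCA, newCert("kubelet-node-1", rogueCA, x509.ExtKeyUsageClientAuth))
	_, errs["client trusts rogue CA"] = dial(addr, rogueCA, kubelet)
	return identity, errs
}

func main() {
	fmt.Println(Scenarios())
}
```

Only the kubelet holding a certificate issued by the cluster CA is greeted with its own name; a client with no certificate, or with a kubelet-node-1 certificate minted by some other CA, is turned away during the handshake and never receives a byte of application data, which is the server-side check that keeps a foreign kubelet out of the cluster. The last case is the mirror image: a client that trusts a different CA refuses to finish the handshake with this server, which is what lets the client know it is talking to the cluster and not to an intermediary.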
Source: StackOverflow